[SystemSafety] AVs vs. driver aids ... some more WTF questions

Olwen Morgan olwen at phaedsys.com
Tue Sep 3 16:57:15 CEST 2019


Good question - that had actually already occurred to me. Some 
responses interspersed below:

On 03/09/2019 14:31, Palin, Stuart (UK) wrote:
> Olwen Morgan wrote:
>
> Date: Mon, 2 Sep 2019 15:29:36 +0100
> Subject: Re: [SystemSafety] AVs vs. driver aids ... some more WTF questions
>
>> Another gem from the Ford Grand C Max's systems:
> ...
>> 2. I stop the car, apply the hand brake and put it into neutral. The
>> car stops the engine because of its economy features. Then, since I am
>> actually parking rather than just stationary in traffic, I open the door
>> to get out forgetting to switch off at the dashboard. Do I get a beep
>> and a reminder to switch off? No. The car *starts the engine* when I
>> open the door. ...
> What would you expect to happen in the case of:
>
> 3.  Stop the car, apply handbrake, put into neutral, engine not stopped
> by economy features (e.g. because battery charging), do not turn off,
> door opens.
>
> I would expect the car not to change state (i.e. keep the engine running - because I am just opening the garage door so I can park up, or something similar).
>>> Yes, I agree with you here. And my reason is that this is the 
behaviour that would be familiar to a driver of a car without this kind 
of driver-assist software. Indeed, it is exactly what my old Skoda 
Octavia Estate (RIP: 332588 miles on the clock at scrappage with 
original engine, gearbox and clutch :-) would have done in the case you 
describe.
> For your second case - transitioning the vehicle to engine-running would seem to align it with this state, and acts as a reminder that you have not turned off.  Seems to have a logic to it.

>>> By logic, I assume you mean some kind of symmetry? In this case, 
although a symmetry can be seen, my view is that it is not a sound 
practice to exploit it.

>>> Normally I look for symmetries in design, whether at system or 
program level, to see what they represent and whether they are worth 
exploiting in the design. In my experience this works well EXCEPT in HMI 
where it can sometimes produce some startlingly inapt results. I regard 
the C Max behaviour as inapt in this case.

>>> My main point in all this, however, is that compared with 
driver-assist systems, the software for autonomous vehicles is probably 
two-to-three orders of magnitude more complex in terms of its 
state-graph and that if developers of vehicle-based software cannot even 
achieve full transition coverage in testing small systems, can we 
realistically expect them to do any better for AI systems - where it may 
be intractable even to abstract a usable state-graph from the design?

>>> AI brings lots of problems, not least of which is its testability. 
The testability issue alone would keep me well clear of AVs until the 
phallocephaloids who keep plugging them actually develop a more cogent 
sense of reality.

regards,

Olwen
